Virus Infects Through USB Drives

The warning that free memory sticks could be dangerous for a computer was a frightening cry of security company Sophos. A group of worms replicates itself onto portable drives like USB memory sticks and runs of its own when the device is fixed to a PC. In this way the worm spreads virulently. Therefore, cautions Sophos, everyone should disable the auto-run program before connecting the freebie USB drives to their computers.

There is widespread use of USB keys, said Sophos' chief media person Graham Cluley. Absolute Gadget published Cluley's statement on May 4, 2007. The USB sticks are available at such low prices that marketing people give them away in direct mail-shots and at tradeshows, Cluley said.

Computer owners need to be careful when they plug-in device, not previously known, into their systems for the device could contain malicious code, Cluley further added.

The SillyFD-AA worm searches removable drives like floppy disks and USB memory sticks to make sure that its copy runs of its own when the device is fixed to another computer. SillyFD-AA creates a file called autorun.inf and hides it in the system so that a duplicate of the worm runs when the external drive is connected to a Windows PC. The worm also alters the name of the Internet Explorer Windows to flash the phrase "Hacked by 1BYTE".

According to Cluley, renaming the browser implied that there was no fully sly intention to write this particular worm variant. Changing the name of the Internet Explorer browser's Windows is a definite indication that something strange was happening, Cluley said in a statement.

As present day businesses increasingly place strong defenses in their networks to safeguard against e-mail viruses and other malware, hackers are seeking less defensive channels such as USB keys in order to infect PCs of innocent users.

According to experts' advice people should deactivate the auto-run feature in Windows so that when removable devices like USB keys and CD ROMs are fixed to a PC they don't automatically plant malware. Also they should check any storage apparatus attached to a computer for virus and malware before using it.